Incentives and Disciplinary Measures
Accountability—What disciplinary actions would your bank take
in response to misconduct should it occur? Would managers be
held accountable for misconduct occurring under their supervision?
While these are unpleasant scenarios to think about, the reality
is that your bank’s ethics policy and program must stand firm.
Human Resources Process—While Human Resources plays
the key role in managing personnel policy, should other control
functions participate in the analysis and determination with respect
to confirmed cases of misconduct? In addition, disciplinary actions,
as well as incentives to encourage appropriate behavior should be
fairly and consistently applied across the organization. And, this
too, may require multi-disciplinary input and oversight. Although
the “who” within organizations may vary from department to
department, it is important that the “who” is the subject matter
expert on conduct and not just someone given a checklist.
Incentive System—If your bank incentivizes compliance and
ethical behavior, are you convinced that the program is properly
configured for success? Conversely, is there any potential for program
failure? Look at your bank’s incentive programs on an elemental
basis, identifying data points that can establish metrics for monitoring program effectiveness over time.
Periodic Testing, and Review
Internal Audit—Take a close look at your bank’s Audit Schedule
and ask yourself if it includes all high-risk areas. Specifically, does
it cover incentive and compensation programs, and if so, to what
level? The DOJ will look at the
types of audits conducted, the
findings that resulted, and the
reporting and the remediation
that follows. It is important to
not get hung up on the term
“audit” in this context. It’s not really about which line of defense
is involved; it’s about whether or not it is appropriately equipped
to serve as an effective, detective control.
Control Testing—As you go through the control testing schedule, determine if your bank has sufficiently reviewed and tested
controls aligned to risks for potential misconduct or self-dealing.
Are the test steps up to date with current standards, and do your
systems automatically monitor and provide reporting to support
identification of inappropriate activity? Through the collection,
analysis, and distribution of data on sales trends, payment of incentives, and confirmed accounts, is your bank ensuring appropriate
management oversight through ongoing review and testing of controls?
Evolving Updates—Are you taking steps periodically to critically
assess how well your corporate policies are keeping pace with the
direction of risk? Re-consider the policy review process and think
about who is providing input. Does the review process need a fresh
perspective? Think innovatively, perhaps tapping into your employees. Employee focus groups can provide feedback on how
the bank functions and conducts its affairs within the confines of
existing governance. There may be rising stars in the ranks who
have ideas that could benefit your customers, while helping the
bank to manage risk.
Knowing what risk
information is collected,
analyzed, and organized
for purposes of
can demonstrate how
the bank assesses and
faced by the enterprise.